Developers using Java on clients or in small projects may not believe that there is a fundamental problem with Java's robustness. People working with huge applications and application servers written in Java know about the problem but may doubt that it's possible to build something like an unbreakable Java architecture. Some may even remember the White Star Line promising that their ocean liner Titanic was unsinkable; an iceberg in the North Atlantic proved them wrong and demonstrated that there is no such thing as an unsinkable ship. Is it really possible to build a Java application server that never goes down?

It's All About IsolationThe key to understanding robust Java is isolation, isolation, and isolation. Robust applications, especially robust application servers, require a high level of isolation between users. It's not acceptable that an error occurring while processing one user's request may affect all users connected to the system. The complexity of software systems makes it impossible to develop software that is completely free of errors, so errors will always happen. Only isolation can provide real robustness by limiting the impact of errors.

The design of the Java Virtual Machine ignores the painful lessons operating system vendors have learned in the past 40 years. The concepts of processes, virtual memory management, and different protection modes for kernel and user code can be found in all modern operating systems. They focus on the question of isolation and therefore robustness: an application with errors cannot affect the other applications running in the system.

In contrast, Java follows the all-in-one-VM paradigm: everything is processed inside one virtual machine running in one operating system process. Inside the VM, parallelism is implemented using threads with no separation regarding memory or other resources. In this respect Java has not changed since its invention in the early nineties. The fact that Java was originally invented as a programming language for embedded devices may explain this approach.

There Is No Isolation in JavaJava does not have a problem with isolation; there is virtually no isolation at all. Java tries to avoid dangerous concepts like manual memory management (this is like taking some of the icebergs out of the ocean) and it can't be denied that it provides at least some isolation concepts, but a Java Virtual Machine is still easy to break. For example, class loaders make it possible to partition an application into parts that cannot see and access each other directly, which provides some isolation. Going back to our nautical example from the very beginning, this is exactly what was supposed to make the Titanic unsinkable: the ship consisted of separate compartments and water pouring into the ship was supposed to be stopped by the bulkheads separating the compartments - unfortunately the iceberg was too big and way too many compartments filled up with water. In terms less familiar to the sailor but more familiar to the developer: all the fancy isolation built with class loaders does not help if you have memory leaks, threads running amok, or even bugs in the VM.

SAP's Approach to IsolationSAP's ABAP application server - the powerhouse underlying enterprise-scale R/3 business solutions - was based on the concept of process isolation from the very beginning. It consists of a dispatcher and a bunch of work processes handling the requests. The work processes are normal operating system (OS) processes and the OS provides a high level of isolation for free. The dispatcher guarantees that in one moment exactly one user request is processed by each work process. In case of a crash, only the user currently processed in the crashing process is affected. All other users continue their work and the operating system takes care of the resource cleanup.

To overstress the ocean liner example a little: the ship is not split up into compartments but every passenger gets its own ship (a separated process) with some guide (the dispatcher) taking care that all sail the same course and don't hit each other. Using this architecture, an iceberg (a severe error) may still hit one of the ships but it will affect only one passenger.

One passenger per ship sounds weird. Giving each passenger his or her own private dining room and engines seems to be a huge waste of resources. Two things can be done to handle the resource issue. First, it is possible to let the passengers share the ship with some others without meeting them at any time. Some invisible mechanism moves the sleeping passenger out of the ship, storing him or her somewhere outside and puts another active passenger into it, taking care that only one active passenger is in each ship at any moment. The second way to address the resource problem is to share as many resources as possible between the little ocean liners.

In the ABAP application server, the state of the user - often called user context - is not stored inside the process but in a shared memory area accessible to all work processes. This allows attaching the user context to a free work process when the next request arrives. Attaching user contexts is a very fast operation because no data is copied.

The ABAP virtual machine (yes, ABAP is executed on a virtual machine) was designed from the very beginning to store user contexts in shared memory. All infrastructure (the engines, the dining room) is written in C and able to deal with user contexts being moved between the work processes too.

CIO, CTO & Developer Resources

User Isolation in JavaSAP's VM Container technology transfers the ABAP isolation concepts to the Java arena. The first step is to increase the number of virtual machines and therefore reduce the number of users handled by each VM. Having a hundred instead of a thousand users assigned to a VM makes a difference in case of a crash, but still affects too many users. Decreasing the number of affected users further without increasing the number of virtual machines requires some extra magic.

Normally less than 10 percent of the users connected to a system are actively sending requests; the others are thinking about their next action or typing in some data at the front end (thinking users). Keeping the user state (user session in Java terms) in a memory area outside the virtual machine allows reestablishing the sessions of all thinking users in case of a crash. This reduces the number of affected users in our example to only 10 or one percent of the thousand users (see Figure 1).

The technology used to keep the sessions outside the virtual machine is called Shared Closures (see sidebar for details). The session state of a user is saved to shared memory after his or her request was processed. This guarantees that the shared memory contains a backup of the session state of at least all thinking users and that the data is accessible to all virtual machines. In case of a crash, another virtual machine can copy the user state from shared memory to its local memory and continue processing the user's requests without the user even noticing.

Memory Diet for the VMThe drawback of the described approach is that you have more virtual machines, each of them eating up some memory. This requires extra measures to keep the memory footprint of the VMs low; they must be put on a diet. This problem is addressed by Shared Classes.

The memory consumed by Java classes can become quite large in real-world applications. Shared Classes is a technology built into the Java Virtual Machine that shares the runtime representation of the classes, including the native code generated by the JIT compiler, across all virtual machines on one physical box. The classes exist only once in memory, reducing the overall memory consumption of the VMs.

In addition to the session backup explained earlier, Shared Closures can be utilized to reduce the memory footprint of a virtual machine. Configuration data and other application or server-wide information can be shared between VMs. Mapping the data from shared memory will provide access to it without consuming memory in each VM.

Don't Forget SupportabilityProviding a high level of robustness through isolation is half the battle, but robustness without supportability is not sufficient. If something goes wrong in the application server, support personnel must be able to track down and resolve the problem easily.

The virtual machine used in the VM Container has been improved regarding supportability. One of the most interesting features is the ability to switch dynamically into debugging mode and vice versa. The switch can be initiated from the inside (using Java code) or from the outside (using administrative tools). Normally, Java application servers need dedicated debugging nodes because the Java virtual machine must be switched into debugging mode at start-up. Using the VM Container, debugging is possible at any time, even in productive systems. A sophisticated rights management restricts which parts of an application or server a developer can debug. This prevents misuse of debugging capabilities in production environments.

Besides debugging, the monitoring capabilities of the VM can be used to obtain granular statistics about the running server. The monitoring is built in a way that does not affect the performance of the running application until explicitly switched on.

SummaryThe VM Container technology offers improved robustness through isolation. The isolation is provided by reducing the number of users handled in parallel in one virtual machine. Saving the user's session state in a shared memory area improves the failover characteristics of the application server. Advanced sharing technology helps to reduce the memory footprint of the virtual machines. Improved monitoring and debugging support makes it easy to detect and fix problems at runtime.

Why Is It Called VM Container?The technology behind the Always On Java initiative is called VM Container and the name suggests that there is something like a virtual machine and a container housing it. Right!

The name is based on the fact that the ABAP application server already contains a lot of interesting and battle-tested services that can be reused to build a robust Java server. The components were reshaped and now provide the container that hosts the Java Virtual Machine. The VM was licensed by SAP and modified to seamlessly integrate into the container and to provide additional features like sharing technologies and enhanced supportability.

SIDEBAR 2

Shared ClosuresOne of the key features of the VM Container technology is the Shared Closures API. It provides a semantic similar to serialization but with a new and very fast implementation. This technology enables middleware developers to share Java objects between virtual machines running on the same computer. For the application developer, high-level APIs based on Shared Closures are available, for example, providing caching or configuration management.

The name Shared Closures already implies that not only single objects but the whole transitive closure of objects reachable from one root object is shared. This behavior is like Java serialization except the operations are faster and a special mode of operation, called mapping, is supported.

A Shared Closure is created or updated by providing a reference to the root of an object tree to the API. The content of the tree is copied to the shared memory while the objects inside the virtual machine remain unchanged.

An exiting Shared Closure can be used in two different ways:

Copy: The objects in the Shared Closure are copied to the heap of another VM. The objects become normal local objects and can be modified (see Figure 2).

Map: The objects in the Shared Closure are not copied but only mapped into the address space of the virtual machine (see Figure 3). This operation is very fast in comparison to copy, because no data is transferred. Especially no extra memory is consumed for the mapped objects. The objects mapped into the address space are read-only.

An implicit versioning mechanism takes care of the fact that some VMs may have mapped a version of a Shared Closure when another VM wants to publish an update. All previously mapped closures remain unchanged, whereas new map requests provide the new version. A distributed garbage collector removes all old versions that are no longer used.

Mapping objects from Shared Closures is the best mode of operation for caches and configuration data that rarely changes. Copying the data of a Shared Closure is used to implement session failover or messaging mechanisms.

SIDEBAR 3

A Peek into the Labs: Full User IsolationIn the development labs at SAP, work is in progress on a solution that goes beyond the approach described in this article: it merges the Java and the ABAP world. Both virtual machines run together in one work process and full user isolation is provided for ABAP and Java programs: in one Java Virtual Machine, only one user request is processed at a time.

A new paradigm was implemented called Process Attachable Virtual Machines. It decouples the VM from the process and makes it a lightweight memory image that can be moved between processes. Using VM templates, new virtual machines for the pool can be created with nearly no runtime effort. VM templates are available that contain a fully bootstrapped virtual machine, including the application server and the deployed applications. Using VM templates offers a way to create new virtual machines for the pool instantaneously.

The number of work processes can be configured in a way that guarantees that the working set of all processes fits into the machine's main memory (although the memory is usually too small to hold all VMs at the same time). The number of virtual machines in the pool is normally higher, to take into account situations where a virtual machine does blocking I/O or other operations that don't use the CPU. In those cases, the VM is temporarily detached to free the process for new requests.

The operating system schedules preemptively between the processes but the virtual machines are moved in and out of the processes on a semantic base (semantic scheduling). This dramatically reduces the problem of thrashing because the working set is only changed after a user request is finished. Controlling the semantic scheduling is easy because the VMs are not operating system processes but attached to processes and detached on demand.

The session state of the users is kept in a special shared memory area accessed via the Shared Closures technology. The VM and the user session are separated after each request. Therefore the VMs can be used independently of the user sessions; there are no sessions sticky to a special VM except in the moment when a request is processed.

SIDEBAR 4

Virtual MachineThe virtual machine used for the VM Container is based on a Sun CDC/Hotspot VM. It was originally designed for embedded devices, making it very lightweight and easy to port to new platforms. Having a VM with a low memory footprint is important because the isolation approach of the VM Container will increase the number of parallel running VMs. You may imagine the VM Container as a cluster of Palm Pilots if you like.

Thomas Smits has a degree in business administration and economics with a focus on business informationtechnology. His first contact with Java was 8 years ago. Since then, he's been eating, sleeping, and drinking Java. He did development projects for German Rail (Die Bahn), Brenntag, and other companies. Thomas authored a course on Java Web technology for Sun Microsystems and has done a lot of customer-specific training on Java. Since 2002 he is a development architect in the SAP NetWeaver team.

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.

Please wait while we process your request...

Your feedback has been submitted for approval.

Most Recent Comments

news desk10/31/05 08:23:49 AM EST

Developers using Java on clients or in small projects may not believe that there is a fundamental problem with Java's robustness. People working with huge applications and application servers written in Java know about the problem but may doubt that it's possible to build something like an unbreakable Java architecture.

SYS-CON Germany News Desk10/30/05 05:12:47 PM EST

Developers using Java on clients or in small projects may not believe that there is a fundamental problem with Java's robustness. People working with huge applications and application servers written in Java know about the problem but may doubt that it's possible to build something like an unbreakable Java architecture.

SYS-CON Canada News Desk10/30/05 02:48:26 PM EST

Unbreakable Java: A Java Server That Never Goes Down. Developers using Java on clients or in small projects may not believe that there is a fundamental problem with Java's robustness. People working with huge applications and application servers written in Java know about the problem but may doubt that it's possible to build something like an unbreakable Java architecture.

Eclipse News Desk10/29/05 05:39:58 PM EDT

Developers using Java on clients or in small projects may not believe that there is a fundamental problem with Java's robustness. People working with huge applications and application servers written in Java know about the problem but may doubt that it's possible to build something like an unbreakable Java architecture.

JDJ News Desk10/29/05 05:23:46 PM EDT

Unbreakable Java: A Java Server That Never Goes Down. Developers using Java on clients or in small projects may not believe that there is a fundamental problem with Java's robustness. People working with huge applications and application servers written in Java know about the problem but may doubt that it's possible to build something like an unbreakable Java architecture.

Alejandro Ramallo01/16/05 03:11:27 PM EST

Great article.But...much of what your are doing can be already be done using non-proprietary technologies. I am talking about JINI and in particular about the JavaSpaces Service. Dispatching a process per request has already been proven using these technologies. For example you can build a Virtual Compute Server that can handle all your requests in different VMs (several companies have implemented this, we are one of them). Plus you get the dynamism of the VCS (Grid Engine). Obviously JavaSpaces is the shared memory that enables this construct. I think the best approach to the future of Application Servers is in the nature of the Rio Project (http://rio.jini.org). I can imagine Sun implementing the future version of their App Server on top of Rio. Ahhh...Rio is OSS! and JINI is almost OSS!

///Inside the VM, parallelism is implemented using threads with no separation regarding memory or other resources. In this respect Java has not changed since its invention in the early nineties///

I agree that ABAP's dispatcher is an excellent model for per-process isolation. Going further in Java, I would suggest adding a portable root jail to the API. This could allow chroot to isolate and/or run the I/O of native subprocesses through a Java SecurityManager, using a user mode filesystem mechanism. In this way you could secure a Java language service... a handy way of adding a final wrapper to the security provided by the JVM.

The thing that bugs me about some Java developers is how they take those concepts like multithreading and separated execution and try to rebuild it painfully with a Java infrastructure, when the VM is probably not the best place to do this.

For example, when the author talks about the ABAP's process model and how it should probably be rebuild with Java. The idea is basically: One process (or thread) per request, shared session data storage across requests - that sounds like the best place for a classic CGI environment to me. PHP would probably do a nice job, or Perl or anything.

So if you want those features, why not build on top of Apache, maybe communicate with the client via XML webservices? CGI calls to script interpreters would pretty much provide anything you could possibly needed, while offering customizable degrees of separation *for free* right in the webserver. Why not? Why spend millions to build another bloated Java application server (that may or may not some day be able to support the same kind of featureset that webserver architectures already have)?

This is nothing more than a cleverly disguised pimping of SAP'S netweaver app server.

First and foremost SAP I do not want to have to run your hacked up JVM. Is it a good idea, yea probably but implementing it is gonna be hard because of the closed nature of JVM.

No sys admin and or programmer in his right mind wants to work with or support some third party JVM.

All that being said what's up JBOSS developers? Is this a good idea? I most certainly trust your skill far and beyond anything these guys can produce.

dotnetrocks01/03/05 05:52:07 PM EST

///What's kind of funny is that the isolation so desired by the author is built in to .NET from the get go. They're called Application Domains, and they're used heavily in ASP.NET to isolate applications from one another, but have them remain inside a single OS process.///

There's more to applications domans than just this.

try .NET!!01/03/05 04:49:30 PM EST

What's kind of funny is that the isolation so desired by the author is built in to .NET from the get go. They're called Application Domains, and they're used heavily in ASP.NET to isolate applications from one another, but have them remain inside a single OS process.

It was really fun reading this article as isolation as described in this article has been one of the founding principle of the Erlang VM. Erlang is a concurrency oriented langage created to support the development of robust scalable fault-tolerant applications.

I strongly recommand reading Joe Armstrong thesis. This is very enligthning regarding this topic and this is real world feedback:

Fortunately, Erlang has been designed from the ground-up for robustness. All feature of Erlang are designed to achieve the robustness goal (Concurrency model, functional programming, error handling, supervisor and worker mechanisms). This is precisely why it will be very difficul to achieve with Java, if even possible.
I hope this helps,

KenSeymour01/03/05 11:55:44 AM EST

I have heard ABAP jokingly referred to as "German COBOL."

Hayo01/03/05 09:24:02 AM EST

The article may also be downloaded at the SAP Developer Network in a more readable version. (You might need to register a user for SDN!)

"Unbreakable Java" is as reckless a claim as "Unbreakable Linux" - great article though, thanks.

PV12/30/04 12:54:07 PM EST

Great article. This article brings to light the aspects of VM we rarely think of. I think a lot of the JVM shortcomings will be eliminated when java penetrates deeper into the Operating System to the point that JVM is an integral part of the OS.

"We're a cybersecurity firm that specializes in engineering security solutions both at the software and hardware level. Security cannot be an after-the-fact afterthought, which is what it's become," stated Richard Blech, Chief Executive Officer at Secure Channels, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...

Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself.
Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, discussed how VPaaS enables you to move fast, creating scalable video experiences that reach your aud...

"Once customers get a year into their IoT deployments, they start to realize that they may have been shortsighted in the ways they built out their deployment and the key thing I see a lot of people looking at is - how can I take equipment data, pull it back in an IoT solution and show it in a dashboard," stated Dave McCarthy, Director of Products at Bsquare Corporation, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...

An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen.
In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...

IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...

Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation.
In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...

The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location.
With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...

You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time.
In his session at 19th Cloud Expo, Mark Allen, General Manager of...

The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...

As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...

Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...

"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases.
In his general session at @ThingsExpo, Dave McCarthy, Director of Products...

"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT.
In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...

Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...

WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.

"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.

For large enterprise organizations, it can be next-to-impossible to identify attacks and act to mitigate them in good time. That’s one of the reasons executives often discover security breaches when an external researcher — or worse, a journalist — gets in touch to ask why hundreds of millions of logins for their company’s services are freely available on hacker forums.
The huge volume of incoming connections, the heterogeneity of services, and the desire to avoid false positives leave enterprise security teams in a difficult spot. Finding potential security breaches is like finding a tiny ne...

Monitoring of Docker environments is challenging. Why? Because each container typically runs a single process, has its own environment, utilizes virtual networks, or has various methods of managing storage. Traditional monitoring solutions take metrics from each server and applications they run. These servers and applications running on them are typically very static, with very long uptimes. Docker deployments are different: a set of containers may run many applications, all sharing the resources of one or more underlying hosts. It's not uncommon for Docker servers to run thousands of short-te...

The IoT continued its toddler-like growth and stumbles in 2016. Here are five trends to look for in 2017 as the IoT enters its adolescence and how to benefit from them.
1. Ecosystems begin to determine winners and losers
Previously these were nice in-the-future concerns; now they will really count. Filling out a whole product value proposition through partnerships has repeatedly proven its importance across B2B and enterprise software sectors. In the IoT, they will be even more critical.

Hewlett Packard Enterprise advanced across several fronts at HPE Discover 2016 in London, making inroads into hybrid IT, Internet of Things, and on to the latest advances in memory-based computer architecture.
A leaner, more streamlined Hewlett Packard Enterprise (HPE) advanced across several fronts at HPE Discover 2016 in London, making inroads into hybrid IT, Internet of Things (IoT), and on to the latest advances in memory-based computer architecture. All the innovations are designed to help customers address the age of digital disruption with speed, agility, and efficiency.

The time of year when crystal balls get a viewing and many pundits put out their annual predictions for the coming year. Rather than thinking up my own, I figured I’d regurgitate what many others are expecting to happen.
8 Predictions About How the Security Industry Will Fare in 2017 – An eWeek slideshow looking at areas like IoT, ransomware, automated attacks and the security skills shortage in the industry. Chris Preimesberger (@editingwhiz), who does a monthly #eweekchat on twitter, covers many of the worries facing organizations.

I recently recovered from ACDF surgery where they remove a herniated or degenerative disc in the neck and fuse the cervical bones above and below the disk. My body had a huge vulnerability where one good shove or fender bender could have ruptured my spinal cord. I had some items removed and added some hardware and now my risk of injury is greatly reduced.
Breaches are occurring at a record pace, botnets are consuming IoT devices and bandwidth, and the cloud is becoming a de-facto standard for many companies. Vulnerabilities are often found at the intersection of all three of these trends, so ...

In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain.
Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life settlement products to hedge funds and investment banks. After, he co-founded a revenue cycle management...

Okay, let me get this out there: I find the term “Citizen Data Scientist” confusing. Gartner defines a “citizen data scientist as “a person who creates or generates models that leverage predictive or prescriptive analytics but whose primary job function is outside of the field of statistics and analytics.” While we teach business users to “think like a data scientist” in their ability to identify those variables and metrics that might be better predictors of performance, I do not expect that the business stakeholders are going to be able to create and generate analytic models. I do not believe...

We have been seeing a sudden rise in the deployment of Artificial Intelligence (AI), Machine Learning (ML), and Deep Learning (DL). It looks like the long “AI winter” is finally over. It is interesting to note that AI was mentioned by Alan Turing in a paper he wrote back in 1950 to suggest that there is possibility to build machines with true intelligence. Then in 1956, John McCarthy organized a conference at Dartmounth and coined the phrase Artificial Intelligence. Much of the next three decades did not see much activity and hence the phrase “AI Winter” was coined. Around 1997, IBM’s Deep Blu...

My daughter called with a frantic message. She was driving my car (why she was driving my car when she has her own is the subject for another time) and a warning message appeared on the car console: “Engine overheated! Stop engine and allow to cool down” (see Figure 1).
Fortunately, my daughter was nearly home, so she got the car home, shut it down and called me immediately (I was on the road somewhere…Washington DC, Philadelphia, Knoxville, Chicago, Toronto…I don’t even remember where anymore). I called my trusty mechanic (Chuck) and he was able to work my car into the schedule when I got ba...

With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterp...

Almost a year ago, I wrote these words, "Technology has reached the tipping point for me, it moved from a help to a hindrance." The plethora of adrenaline- and endorphin-inducing mobile apps, 24x7 news, notifications, alerts and updates, drip fed my brain and hindered my "deep work and deep thoughts." In Cal Newport's new book titled, Deep Work he posits that most knowledge workers need concentration and substantial time, dedicated and uninterrupted, to produce their best work. He argues that a lot of technologies and open office layouts today inhibit creativity, "deep work" and "deep thoughts...

Predictions can be enlightening as we round out the end of the year, and industry analysts covering the Industrial Internet of Things (IIoT) have begun forecasting what to expect in 2017. In the ever changing digital business landscape, companies need to keep a pulse on the technology and regulatory environments to have direction on where to focus their efforts. Over the past few years, IIoT has taken on the shared title of industry 4.0, as new ways of connecting businesses and consumers impact systems infrastructures and technology integrations across many, if not all. business lines.

The holiday season is nearly upon us (I’ve already heard Christmas songs being played…really?) and retailers are usually the big winners during the holiday season. However, leading retailers are already thinking beyond the current holiday season, and not just from marketing and merchandising perspectives. These leading retailers are considering how this holiday season – and the resulting wealth of customer, product and operational data – can be converted into new analytic insights that can be used to optimize key business processes, uncover new monetization opportunities and create a more comp...

I was on a high-rise construction site 34-floors above the city. I was talking to the construction crew when a fight broke out. There was an explosion and the floor collapsed. I removed the virtual reality (VR) goggles and laughed. It was so real. The VR solutions provided an incredible experience, almost like being there. As good as my experience was, it was not reality. It was a controlled pre-programmed experience - a notional idea. Today, however, VR and sensor technologies enable a notional idea to become reality – a Real-Reality.

The cloud promises new levels of agility and cost-savings for Big Data, data warehousing and analytics. But it’s challenging to understand all the options – from IaaS and PaaS to newer services like HaaS (Hadoop as a Service) and BDaaS (Big Data as a Service). In her session at @BigDataExpo at @ThingsExpo, Hannah Smalltree, a director at Cazena, provided an educational overview of emerging “as-a-service” options for Big Data in the cloud. This is critical background for IT and data professionals, as experts estimate that “as-a-service” cloud sourcing will increase from today’s 15% to 35% by 20...

Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2017 New York
The 7th Internet of @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, New York.
Chris Matthieu is the co-founder and CTO of Octoblu, a revolutionary real-time IoT platform recently acquired by Citrix. Octoblu connects things, systems, people and clouds to a global mesh network allowing users to automate and control design flows, processes and sensor data, and analyze/react to real-time events and messages as well as big dat...

As we enter the final week before the 19th International Cloud Expo | @ThingsExpo in Santa Clara, CA, it's time for me to reflect on six big topics that will be important during the show. Hybrid Cloud: This general-purpose term seems to provide a comfort zone for many enterprise IT managers. It sounds reassuring to be able to work with one of the major public-cloud providers like AWS or Microsoft Azure while still maintaining an on-site presence.

2016 brought about more cyberattacks than we thought possible, especially involving ransomware, and we definitely won't see that trend breaking stride in 2017. By next year, we expect every single adult in the US will know a blood relative that has had their identity stolen - the Internal Revenue Service reported that 2.7 million people had their identities stolen in 2014 and according to TransUnion, 19 people fall victim to identity theft every minute.

There’s a funny thing about digital transformation: we are simultaneously over-hyping it and understating it. On the one hand, every tech company in the world is talking about it. It doesn’t matter how mundane the technology; every company is somehow relating their products to digital transformation.
On the other, many people are failing to grasp the import and impact of what digital transformation really means. In far too many cases, business and IT leaders are dismissing it as nothing more than a marketing ploy. The unfortunate result is that the over-hypedness of digital transformation i...

Cloud computing budgets worldwide are reaching into the hundreds of billions of dollars, and no organization can survive long without some sort of cloud migration strategy. Each month brings new announcements, use cases, and success stories.